Avast pop ups about differentia/diff.php & disorderstatus.ru! HELP!

Help, I'm repeatedly getting this. Sick and tired of these popups.

I googled about this malware and got varying results.

Please help me with a working solution. Thank you in advance!

I also have attached the scan log from the MalwareBytes Threat scan.

See here: https://forum.avast.com/index.php?topic=53253.0
Scroll down to the second picture (Farbar Recovery Scan Tool) and attach the two diagnostic logs.

Did you get this problem after using a USB stick?

Here are the additional txt log files.

I really don't know where I got this from, but I had connected to many USB sticks.

This free program will protect you from USB infections in the future. It is an install-and-forget program: MCShield http://www.mcshield.net

A malware expert will assist you soon.

Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter. Please copy the contents of the Code box below. To do this highlight the contents of the box by clicking [Select] next to Code: , then right click on any of the highlighted text and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt



Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1586452294-935012983-3360342426-1001\...\MountPoints2: {1d222802-8322-11e5-8275-3ca82aaf7029} - "I:\Lenovo_Suite.exe"
Hosts:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt => not found
CHR StartupUrls: Default -> "hxxp://www.google.co.in/","hxxp://www.msn.com/?pc=AV01","hxxp://istart.webssearches.com/?type=hp&ts=1416835611&from=slbnew&uid=WDCXWD5000BEVT-24A0RT0_WD-WX61A804523845238"
CHR Extension: (Google Drive) - C:\Users\RISHABH SONI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Google Search) - C:\Users\RISHABH SONI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
2015-10-25 15:03 - 2015-10-25 15:03 - 00002957 _____ C:\Users\RISHABH SONI\Downloads\C2EB8271450486FCDA55B08FBB05AF88A5D2BF86.torrent
2015-08-23 18:55 - 2015-06-16 02:46 - 83783040 ___SH () C:\ProgramData\msqeacsb.exe
C:\Users\RISHABH SONI\AppData\Local\Temp\cdo2051589782.dll
C:\Users\RISHABH SONI\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpknijer.dll
C:\Users\RISHABH SONI\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\RISHABH SONI\AppData\Local\Temp\{CB689879-DA7D-4BDD-A1AA-2A1F26F9420D}-DropboxClient_3.10.8.exe
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end

NOTE. It’s important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting “Run as Administrator…”. The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/Press%20the%20FIX%20button_zpsdd5zi3mt.png

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply post. Also, tell me how your system is running now.

Well, the system is running fine now. No more pop ups about those malwares, though I feel the system has become a bit slow.

Here are the files you had asked for.

Thank you guys again.

You could uninstall the McAfee Security Scan Plus as Avast will handle your security. This will help with the system speed.


AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

- [b]Vista/7/8 users:[/b] Right click the [b]AdwCleaner[/b] icon on the desktop, click [b]Run as administrator[/b] and accept the UAC prompt to run AdwCleaner.

You will see the following console:

http://i1351.photobucket.com/albums/p785/dbreeze2/Scanners%20screens/AdwCleaner_v5016_zpsf8ln0fea.png

- Click the [b]Scan[/b] button and wait for the scan to finish.
- After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: [b]Waiting for action. Please uncheck elements you don't want to remove.[/b]
- Click the [b]Clean[/b] button.
- [b]Everything checked[/b] will be deleted.
- When the program has finished cleaning a report appears.
- Once done it will ask to reboot; allow this.

http://1.bp.blogspot.com/-vitKqfMQS4o/UEDylIQ7HJI/AAAAAAAABLc/Hx-IwqKoaxg/s1600/adwcleaner_delete_restart.jpg

- On reboot a log will be produced; please attach that in your next reply. This report is also saved to [b]C:\AdwCleaner\AdwCleaner[C0].txt[/b]

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here’s Why and Here. You can always Reinstall it.

Sorry for the delay in this reply.

I installed and ran the AdwCleaner. This is the report I got.

Please note that this text is AdwCleaner[C1].txt, not [C0] as you had mentioned.

Not a problem with the delay in answering; real life always comes first, my friend.

Your logs are clean and we should now remove our tools from your system …

You should keep MCShield installed and running as it will help prevent the spread of USB transmitted malware.


Clean up of Malware Removal Tools
Now that we are through using these tools, let’s clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

[*]Download Delfix from here to your desktop and double click it to start the program
[*]Ensure Remove disinfection tools is ticked
Also tick:
[*]Activate UAC
[*]Create registry backup
[*]Purge system restore
[*]Reset system settings

http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/DelFixSelectall_zps0f04cec4.png

[*]Click Run
[*]The program will run for a few moments and then notepad will open with a log. Note: Please save this log first before rebooting your system (if asked to); DelFix does not save the log as it is trying to remove all traces of our work on your system. Please attach the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

I did delete all the other log files, thank you.

After all these scans and fixes, the computer is running fine, except that Chrome isn't opening. It's just staying as a background process.

Anyway, here is the log file you had asked for earlier.

You could try a re-install of Chrome to see if that fixes it:

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Google Chrome

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

SECOND >>>>

64 bit: Reboot your machine and then go to here and download a fresh installer for Chrome.

Double click on the downloaded file to install the latest version of Chrome. Your settings and extensions should be added automatically; please let me know if there are any errors with this.

I tried uninstalling, but even the installer is running in the background.
But after a while, the uninstall started, and got stuck again.

I'm attaching a screenshot of that process in Task Manager.

I'm using Firefox for now. What will happen to Chrome?
Is this because of those malwares which had affected Chrome?

From what you are describing, it sounds like Windows is “hanging” on one background routine (usually this is during an installation while other processes are running). You may be able to clear the blocked process and let things return to normal by booting into Safe Mode and then returning to a Normal Boot.

This web site gives instructions on booting into Safe Mode for Win 8 / 8.1: http://windows.microsoft.com/en-ca/windows-8/windows-startup-settings-safe-mode

Thank you sir, the system is back to normal again.

Thanks for sticking with us; glad the system is running well again. Enjoy the coming Holidays!!! ;D